certifi.ca - new OpenID Provider with secure Anti-Phishing Solution


Today I received an interesting submission on The OpenID Directory from Evan Prodromou, well known as one of the founders of Wikitravel: certifi.ca is a new OpenID Provider which uses browser-based certificates, such as the free ones from Thawte, to identify the user.

The text of the submission sounded promising: No more passwords, no more phishing!

But going to the homepage of certifi.ca left me clueless: no login, no registration, just some hints on where to get a certificate that is supported by certifi.ca. The rest looks pretty much like a bare-bones JanRain PHP Server.

Using my certificate-equipped Firefox instead of IE brought light into the dark: there are two different homepages of this service, one for browsers with certificates and one for browsers without. The point is: you simply have NO CHANCE to register using the standard username / password process! That makes this IdP somewhat unique, but also hard to understand for less ambitious internet users.

And this is how it works: when you start your daily browser session you only have to visit https://certifi.ca. Your browser will then ask you for your certificate, and after confirming this dialog you are all done. There's no login or logout: after identifying yourself with your certificate you are simply “known”.

By the way: I'm using certifi.ca as my browser's default start page from now on. I think this is a good habit, just like brushing my teeth in the morning ;-).

certifi.ca works well with relying parties and gives you the freedom to use your own blog as your OpenID. If not, you get an ID like https://certifi.ca/username.

Cool work Evan!

Reader Comments

They’re not unique and they’re not the first to do this.

http://prooveme.com has been doing certificated OpenID for 2 weeks. Come and check us out.

You're absolutely right, Nic. To be honest: I wasn't aware of this until now, because your registration form kept me from joining your service. I had the feeling that I had to share too much information upfront, not knowing what I will get for it in the end.

I have registered now and I noticed that your service is even more convenient: after filling in the form and hitting the submit button, prooveme.com automatically installs a new certificate in your browser for free. That's great!

On what server side technology is prooveme.com based and will it possibly be available as open source, just like the JanRain PHP Server Library? I think this would help the OpenID community a lot.

Keep up the good work!

It’s based on a certificate authority (the complicated bit) that I put together and the standard Python OpenID library. We’re using apache/mod_python as the web platform.

We may release it under a free licence… but not yet because it’s still in heavy development.

Btw, we are soon to allow you to use certificates from other certificate providers, just as certifi.ca does. But we believe that providing free certificates was an important first step.

We’ll also be letting you create more certificates with restrictions attached which you can then pass on to other tools (say, Flickr) so that they can use your certificate to log into sites on your behalf.

That’s the real advantage of certs… total control over delegation.

[…] Thomas Huhn of Social Media Blog and OpenID Directory has posted a review of certifi.ca which is another OpenID provider. Though certifi.ca is quite different to other providers. […]

proveme.com is better in that I don’t need to go through the whole complicated “getting a cert” process (a must for certifi.ca). The only catch: I am running IE 7 (abandoned Firefox because of its outrageous memory usage).

BTW, this I believe is the only workable solution for openid as otherwise it would have the tendency to “encourage” people to lower their guard about phishing.

Hello everybody, my name is Damion, and I’m glad to join your community, and wish to assist as far as possible.

I’ve also made a certifi.ca OpenID, as you can see. But I worry, what will happen, when my cert expires. As the commenter on OpenID Directory [1].
Because there is no chance to manage my certificates on the certifi.ca interface. I tried to reach the admin@certifi.ca via E-Mail, but he didn’t answer. Does somebody know more about this issue?

[1] http://openiddirectory.com/certifi-ca-s-171.html#

I would suggest to get in touch with Evan Prodromou on http://identi.ca/ to ask him about this topic. He’s the founder of certifi.ca